The fools at Mint.com, or Mint.com sucks!!

Just goes to show that winning a TechCrunch award doesn’t necessarily mean you’ve been endowed with an IQ above 100. You would think that since the biggest criticism of personal finance aggregator, Mint.com, has been potential security pitfalls, they would be a little apprehensive about doing things like, gee, I don’t know, SENDING CONFIDENTIAL INFORMATION OUT OVER AN EMAIL!! But NO! Apparently, “my friends at mint.com” believe in living dangerously. And that too, at my expense. Read on to find out why I’m so upset!

But first, the prelude. So I sign up at Mint.com, damning the torpedoes and ignoring the cries of warning raised loud and clear on a number of discussion forums. I bravely provide my Bank and Credit Card information. I even try adding my brokerage account; an attempt that thankfully fails due to Mint.com not supporting my Brokerage. Someone up there in Heaven must want to see me keep at least some of my financial information safe! Since I invest with the largest brokerage fund in the US (TD Ameritade), other than divine intervention (or a stupid list of priorities at Mint) it seemed quite odd that Mint would not work with them.

Anyway, so I sign up and start playing around with Mint. While the UI looks pretty slick, the usability leaves a lot to be desired. It’s great that the icons and graphics are high quality and they’ve got this nice curled-at-the-bottom-sticky note effect, but that doesn’t do me much good when the monthly remittance to Ameritrade from my checking account is recognized as a payment to some car mortgage company! For a moment,I thought someone was ripping me off. Only later, after some scrutiny, did I realize that the automatic categorization Mint.com was doing, was all wrong. Manual categorization of expenses was quite a pain and frankly, not something I am going to do with the hundreds of transactions across all my accounts. Fuggedaboutit.

The reason why I even went to Mint was to try out their “Savings” feature, which sounded attractive to me at first. The idea is that they’ll look at returns you are earning, say, on your Savings Account, and will suggest an an alternate financial institution to invest with that provides a better return. In theory, this could make you more money. However, in practice their software is quite flawed. My biggest “saving”, of several thousand dollars a year, was supposedly moving from Bank of America to E*Trade bank. Why? Because Mint.com told me I was earning 0% return on Bank of America savings and would actually earn 5% on E*Trade. 0%?? I thought I was getting 5%!!! Have they ?? After a little scurrying about and checking, turns out this is yet another bug and they just don’t pick up the right APY rate from Bank of America Advantage Savings. What a waste of time and a complete pain! Just go to Bankrate.com instead. No signup or security exposure and a more reliable database.

[CLICK THE IMAGE TO SEE MINT.COM’s (VERY WRONG) SAVINGS RECOMMENDATIONS]

So in any case, at this point, the utility of Mint is questionable in my mind, and I’m thinking, is it REALLY worth giving someone all my financial information and usernames/passwords so that they can tell me that the money I am sending my stock broker is actually ending up to buy some invisible car I know nothing about?

But then, something quite appaling happened. An email arrived earlier today and the stupidometer I keep with me to achieve early warning against the inane and common-sensically-challenged among us, hit the ceiling and started sounding alarm bells… An email had arrived from Mint.com that listed out the current balances on ALL my accounts, and the vendor, date and amount of my last 5 transactions across all accounts!

ACTUAL NUMBERS, DATES, VENDOR NAMES! This is the stupidest, most insecure monthly reminder I’ve seen! The list of past transactions is super insecure, because many financial services institutions will use that as one of their security questions (I know my Bank does!) Emails are inherently insecure. They are sent in plain text, you can leave them open and they don’t “timeout and close”, they can be accidentally forwarded, and the list goes on. That is precisely why responsible financial institutions simply ask you to visit their website and often don’t even provide a link to click so that you are assured that this is not an attempt to phish. Clearly, it is way too much to expect this level of maturity and responsibility from a small startup.

So, the upshot of all of this is the following:

1) Mint.com is stupid

2) I am stupid for having provided my acount info to Mint

3) I am making ammends as fast as possible by cancelling my Mint account RIGHT NOW

4) My advice to you is, please NEVER signup at Mint and if you have an account, get OUT NOW!

P.S> As I try to cancel my Mint account, I find that there IS NO WAY TO DO IT. The only thing you can do is remove your Financial Services logins and hope that the information is actually being deleted permanently. What’s more, the feedback form on the Mint website doesn’t even have an option to get them to remove your account! Here it is:

So I have sent them an email anyway telling them that I’ve deleted all my accounts and expect them to remove the complete account with no archival of now-removed financial information! Let’s see what happens. What a mistake all this has been!

54 Responses

[…] unknown wrote an interesting post today!.Here’s a quick excerptJust goes to show that winning a TechCrunch award doesn’t necessarily mean you’ve been endowed with an IQ above 100. You would think that since the biggest criticism of personal finance aggregator, Mint.com, has been potential security … […]

I checked, it hasn’t, and the information that was exposed was email addresses only. There was no financial information exposure. The point here is not that Mint.com had a bug or some hacker fought his way into the system to steal info… they are voluntarily sending personal finance info (balances etc.) in insecure formats, by default.

Interesting read. I’ve been looking around for a decent online aggregator but really have not narrowed one down. Till the time I actually find one, I guess I will stick to “My Portfolio” with BoA. Its a good way to give myself daily heart attacks looking at my total liabilities.
Atleast it allows me to aggregate all of my frequent flyer miles onto a single page. It has most of the features that Mint shows except for the recommendations part which it appears doesnt really work anyways.

Here is my review of mint.com. Give it a read and look at the comment left by one of the guys at Mint (as well as my response to his comment). Just have to say that they really have rubbed me the wrong way.

Oh..and I was able to delete my account. First I deleted it from the site then contacted them via email to delete it completely. I can only assume they did.

Yes, if you send them an email they respond in a day or two and say the account has been deleted. If they are using offline backup technologies like tape, for instance, that would be a concern. I am not sure they go back and delete backed up uname/pw information from tape. The safest thing would be to go and change your passwords across all accounts you enabled at Mint.com.

I realize you can turn it off, the point is if Mint.com has thought of security from the ground up, why is sending an alert with confidential information, a default option. The only time you find out about this is when you’ve already received confidential information in plain-text at least once.

(from above)…the point is if Mint.com has thought of security from the ground up, why is sending an alert with confidential information, a default option.
– hey fella, this is an unfair criticism…the point is that the option to receive no email is there and I personally think this is not such a huge flaw.
Seems a useful site…something I would use..

Subra, why is it an unfair criticism? why is the default setting to send out my account balance and last transaction information over a plaintext email? Why? What is the design or common sense justification for this approach?

[…] the new outflow of VC money in the valley really is. When it gets to the point where VCs fund companies that should find it hard to even convince themselves of the value they bring to the market, […]

It is allways interesting to me that there are so many people out there ready to slaughter those who are trying to develop new ideas and technoligies. If you have concerns stay away from beta versions of new programs especially those that involve your finances. I think it is very inovative, and I am sure that the folks at Mint are working around the clock to make things right. I work for the largest financial institutions in the country in the technology areas, and the go live dates they set are often much worse. Its a scramble. Would you rather people not create for fear of upsetting someone before they have a chance to address a beta problem? So far we have not seen “everyone who signed up for Mint lost there money”. From the looks of it these people are on there way to developing one of the most relevant pieces of software of our time. Many of the people in this country are in serious trouble, anything that may help I think should be welcomed as imperfect as it starts out.

Wow, so the whole premise of your complaint is over them sending an email with your account balances and a few credit card transactions?

Most banks already have alerting services that do the same thing (send balances over email), and you’re free to opt out of them. Also, balances and credit card transactions aren’t enough to compromise any of your accounts. If your bank is asking for transaction info during authentication on the phone, they’re only using it as secondary proof after already having a stronger primary authentication from you.

If this email thing is a default opt-in when you signup on mint, then it sounds like they should just make it explicit opt-in required. (ie, defaulted to opt-out)

Wow, so you didn’t read any of the other issues I mentioned in the post above? Like incorrect interest rate reports, wrong recommendations to switch accounts, incorrect categorization of expenses, missing vendor information and replacement with in correct names etc.

Here’s a logical conundrum: you mention that mint is stupid. Then you call yourself stupid. If you are stupid as well, then why would we believe your other concerns? Only fools follow other fools.

Joking aside, how many of these things are fixed now that it’s not beta? My biggest gripe with them is that I cannot sign up with them due to a pisspoor selection of financial institutions. 0 of my 4 various institutions are available. Wowza.

I think you definitely overreacted though. You are the one who voluntarily gave your information over to a beta program that has direct ties to your accounts?

You also mention how stupid it is that the default was an insecure method. Well, if you’re such a stickler, how come you weren’t checking the default settings? Just *hoping* everything would work out well? Gambling with your information?

Sounds like you were lazy and are now taking it out on a new, innovative piece of software.

Quicken has now released their online edition which is getting rave reviews. I would suggest anyone interested in the Mint concept should sign up with Quicken… if you’re going to trust someone with valuable financial information, it might as well be an established company.

What does the subprime mortgage industry have to do with the quality of Quicken’s financial aggregation product? Or the lack of quality of Mint’s?

An unrelated, completely irrelevant comment like this could perhaps only come from someone who works at Mint and is upset because the product is getting bad reviews. Rather than trolling blogs and making irrelevant comments, you would be better served if you fixed your insecure product.

Been using Mint since Jan after 18 years of Quicken. It’s definitely not perfect, but I have to admit, I like it and plan to keep working with as they continue to improve it.

If you are an anal double-entry type (like I used to be before I burned out), you’ll probably hate it. But, if you want quick, reasonably automatted categorization, it does a decent job. Sometimes, I don’t log in for a few weeks and when I do, it’s not a huge mess, but 90% already done. The cleanup is pretty minor.

Have you ever not worked on Quicken for a few weeks and then you start it up and realize just what that is going to mean for your upcoming weekend? That’s where Mint has changed the game.

You know I am just amazed. These guys have apparently conned more VCs into pumping money into their deal. Think about the economics here. 160K registered users so far. $20+M capital raised. Based on their business model, how the #$@# is this level of investment justified?? At best they can earn a small fee for referrals when their users actually signup to a financial institution’s products. For example, when a user gets referred to a lower interest credit card. For a fund expecting 10x return for a Series B deal, what level of revenue would Mint have to attain? What is the amount of money they are making off a single user?

This is the classic blue-sky con. “I’m going to be in the middle of every financial transaction on the planet. I’m going to make my 10 cents on every credit card transaction. “. Yeah, right.

The barrier to entry to this personal finance space is almost non existent. There have been at least a half dozen launches of Personal Finance sites in the last 6 months. Banks are looking at value added services on their own websites as a serious differentiator and more functionality is migrating to banking portals. Account aggregation is one of them.

I wouldn’t use Mint myself so I don’t much care about how many mistakes they make on their reports and how insecure their site is. From a venture perspective I am just amazed by how a fund like Benchmark gets conned into a crap deal like this. Give me the name of the lead guy from Big B that funded this, and I’ve got a miniature cold fusion power source I’d like to sell him.

Techlahore , Beta sites such as gmail have known bugs that users find acceptable since the software is in its trial/testing phase. The bugs in gmail are less risky and damaging than the bugs in mint.com for obvious reasons…..but you can’t be upset at mint.com if you signed up and gave ur financial info knowing the site is in its beta version. You can only be upset at urself for making an unwise decision. Would you drive your kids in car that is still being tested for safety and mishaps even though the car is free? Some people may, other won’t but the ones who do, must accept personal responsibilty for the risk they accepted. At the same time I’m not upset with you because you are actaully doing what mint.com expects certain users to do, which is to find bugs and inform them by naturally doing their testing/QA for free. You also went out of your way to inform others and I respect you for that. Mint.com should take your suggestions and use them to their advantage.

AntiWhine, lots of Mint users feel similarly duped. But thanks anyway for providing a psychological assessment of the author’s intent. Luckily for all of us, your opinion is worth exactly what we paid for it.

It’s one thing to post a review, it’s quite another to degrade the folks at Mint.com for initial flaws.

If you’ve ever used a new Microsoft product, you KNOW that some are really good and some are a serious flop, like Windows 2000 was, according to many. Still, you wouldn’t call them “stupid”, you would simply say the program or operating system has serious issues that need to be addressed.

With regard to the caustic tone ~ if they’re that “stupid”, as compared with your own level of intelligence, then you go on and accumulate $20B+ in VC and fix ALL of the issues. We can only hope that those who use your Beta either find an absolutely FLAWLESS program OR they’re more kind than you have been in your reviews!

I do appreciate the information on flaws & security concerns, however, I would certainly have preferred it without the personal assaults on the developers.

I applaud the posters efforts, and the message the he/she is sending out. The problem with many of the posts that I seen written here is that many do not differentiate the difference in using beta in a financial application, and in just a software application. There is a difference! If you want to use a beta version that is fine, but don’t let million of people signup, and put in their financial information, and then come out later and say “Oh! Well we screwed up, your money is gone, sorry about the mistake”?! Fix your problems in a secure environment, with limited users, and test, test, test! Do I know what I am talking about?! Well, I should – I write software applications everyday, and that is what I do with my applications – Test, test, test.

I couldn’t try Mint.com as I am in Canada and they ask for an American zip code. I did, however, find another service: clearcheckbook.com. The plus: you don’t enter any account numbers or even names of banks. You do have to enter in the data yourself, but what is the worse that a hacker could do? Find out how much I spend on rent? The risks are low. All they ask in return are donations (suggested $3 per month). Very nice site. I may send them a few bucks per month as the convenience is worth a donation, and they can be used by Canadians.

Wow, everyone is an expert and willing to give out expert advice. Isn’t the world a wonderful place? I love how regardless of how many people say they have problems, there is never a lack of people who just say “I’ve been using it for XX amount of time and it works fine for me”. Great, thanks a lot. Mint.com provides a piss poor financial institution list, which in return it would not surprise me if the data being posted isn’t piss poor as well. *period*

You realize that the number of people with problems are probably far fewer in number than those who have no problems with mint? It speaks wonders to me that someone takes the time to say they actually like something. Rather, I am annoyed when somebody complains about “the principal” behind a website’s practices(sending email alerts by default). I am also annoyed by your hipocritcal post. Thanks for backing up anything that you said, it makes you no better than the people who said mint works fine for them. Please get off you high horse. You suck.

I think Mint has gotten a lot better since Oct of 2007 when this was written. You absolutely can close an account now, and there are many more partners they work with. That being said, I fully agree that the savings finder or whate3ver is CRAP. That is just how they make money, by trying to sell you new accounts. If you’re looking for a credit card, saving account or CD, go to Bankrate as this post mentioned. What’s cool about mint is that is does a ton of other helpful stuff and as long as you don’t click on the savings finder, you never see any advertising.

I am sure some improvements must have been made over the last couple of years. Unfortunately, the financial services industry is all but dead which must make it hard for Mint to derive affiliate revenue. I don’t think many finserv companies are in a position to issue more credit cards to the average consumer.

I read somewhere that Mint has accumulated 900K registrations over the last 2 years. While that’s not a small number by any means, it’s not all that huge either. I just wonder where Mint.com heads to next – from a business perspective – now that most potential acquirers (i.e. Banks) are in disarray, valuations are incredibly depressed and their business model (i.e. affiliate revenue) is seriously challenged.

I just signed up for it today. It is scary, but they are smart for making more partners to get revenue from. Now they have Credit Report sites along with savings accounts that suckers can use.
So I think they are making good enough money to keep our info secure.
If you never go around looking for the offers, it’s a useful site, especially if you’re like me and have an american express card that i have to view separate from my checking account

Good lord. OH NOES THE $50.00 IN MY BANK GOT FRAUDEDEDED AIIIEEEEE!!!
I bet the people here bitching the most have about $10 in any account at any time ffs. If you’re a millionaire and have a ton to lose, you aren’t going to be using mint, are you?

Well it is 2009 and I am just reading this blog for the first time. The problems this blogger wrote about in 2007 are STILL problems at mint.com. I have several accounts that are not supported. When I emailed them to ask them to add them, they told me they are supported and I am just logging in incorrectly. Um, no I’m not. They have the wrong links and their links do not take me to the website I use to log in. I can go to the log in page and log in fine at all of them. But put the same log-in information in at the link that mint.com provides that they say is the correct one, and I get an error – BECAUSE IT’S NOT THE CORRECT LINK. I email them and tell them the specific link and they either email me back and say again that I need to check my log in information or they completely ignore my email. I’ve done this several time and I get one of those two responses (or nonresponses) each time.

Also, the categories mentioned above is still a problem. I just got an idiiot email from mint.com that says: Hi there,

You exceeded the $1,550 monthly budget you set for Entertainment by $587 in March.

Okay, #1 – I never set a monthly budget for entertainment, and if I did it sure as hell would not be $1550. and #2 – I didn’t bother to log in and see what they are categorizing as “entertainment” but there is no way in hell I I spend $2137 on entertainment. Like the poster of this blog, I am not going to wade through hundreds or thousands of transactions and assign them to the right category. I stopped using mint.com a few months back for the very reasons this poster cited in 2007. I guess I need to go back and change all my log in information and tell them to stop sending me stupid emails telling me what I spent in categories that aren’t even accurate.

I’ve been using Mint.com for a little over a year and haven’t had any problems– 3 credit cards, 1 checking account, 2 savings accounts, and 2 brokerage accounts linked with ease. Yes, transaction categorization can be painful at first, but if you just set the ‘remember’ option, it becomes a cake walk.

Mint.com should be left alone.
As mentioned on this blog – the budgeting “hints” they give are hard to justify when the categorization of transactions is poor. I’m not sure why that’s the case or why it doesn’t improve but it doesn’t work.

I have to admit i tried mint.com after filing my taxes with turbotax online for the past few years. TurboTax i’ll trust – but who are these guys?

I’m guessing the reason that the passwords are not kept on the Mint site is because Mint is powered by (or was powered by) http://www.yodlee.com/ which is the engine behind many of the online account systems offered by many of the biggest financial institutions. It’s sort of funny to see all these people get so angry about a service that they didn’t even read up on before they so easily entered in their passwords and logins for those financial institutions. Incidentally Yodlee also offers a Mint-type service of their but also includes bill paying. The interface is not nearly as nice as Mints was. I pulled out of Mint after they got bought by Intuit. I just can’t wait until someone stats competing with Intuit. I hate to say it but I actually hope Google gets into the space so at least they can amp up the offerings and benefits and get the competition going in this space.

Competition is good and Intuit is ruining the financial software business.